From mboxrd@z Thu Jan 1 00:00:00 1970 From: =?UTF-8?q?Nguy=E1=BB=85n=20Th=C3=A1i=20Ng=E1=BB=8Dc=20Duy?= Subject: [PATCH 4/5] checkout --to: fix dangling pointers in remove_junk() Date: Wed, 23 Jul 2014 18:43:14 +0700 Message-ID: <1406115795-24082-5-git-send-email-pclouds@gmail.com> References: <1406115795-24082-1-git-send-email-pclouds@gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: QUOTED-PRINTABLE Cc: Junio C Hamano , Max Kirillov , Eric Sunshine , =?UTF-8?q?Nguy=E1=BB=85n=20Th=C3=A1i=20Ng=E1=BB=8Dc=20Duy?= To: git@vger.kernel.org X-From: git-owner@vger.kernel.org Wed Jul 23 13:44:41 2014 Return-path: Envelope-to: gcvg-git-2@plane.gmane.org Received: from vger.kernel.org ([209.132.180.67]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1X9uyO-0002cv-9N for gcvg-git-2@plane.gmane.org; Wed, 23 Jul 2014 13:44:40 +0200 Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757476AbaGWLog convert rfc822-to-quoted-printable (ORCPT ); Wed, 23 Jul 2014 07:44:36 -0400 Received: from mail-pa0-f52.google.com ([209.85.220.52]:45939 "EHLO mail-pa0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756030AbaGWLof (ORCPT ); Wed, 23 Jul 2014 07:44:35 -0400 Received: by mail-pa0-f52.google.com with SMTP id bj1so1557452pad.25 for ; Wed, 23 Jul 2014 04:44:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-type:content-transfer-encoding; bh=hLEp6YIyPNviLmOxqH+iiVD3+MNlKU/Bkih6mepxnYo=; b=NfVIay0MbllYKqR3U4TCv9N1dm56m34cZqOMCmZeXhwGnMDFCUNbHoS4sf3siYDGEy HX2Co1JrWCGXY/z7Sxr/y5oLgMk3YKeJ8lEviMJfYIUcgv/o17Wlo3jzX3DIVuPEnctK +piLhkhi2ftreWlivlPLY3vfEWeBDziF42UPZ8kk+0+gJSRSL9jd5IGDdD7sQo4Q4EnQ hckES6KzWGiNhLGajv5OG4S1NiymizuEQJv+xY5zKvEHRemkMfK4FZG+YWKZzR0ImBqY cffggyQW5RSkc9kgyix95/6qWFvWWBHNKHu/b5VX6MUvelSnAer90G89KK+CsjJ69ePl 2/lA== X-Received: by 10.68.220.70 with SMTP id pu6mr797304pbc.15.1406115874812; Wed, 23 Jul 2014 04:44:34 -0700 (PDT) Received: from lanh ([115.73.248.125]) by mx.google.com with ESMTPSA id sv10sm8004057pab.32.2014.07.23.04.44.30 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 23 Jul 2014 04:44:34 -0700 (PDT) Received: by lanh (sSMTP sendmail emulation); Wed, 23 Jul 2014 18:44:29 +0700 X-Mailer: git-send-email 1.9.1.346.ga2b5940 In-Reply-To: <1406115795-24082-1-git-send-email-pclouds@gmail.com> Sender: git-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org Archived-At: junk_git_dir is set to sb_repo.buf. By the end of prepare_linked_checko= ut(), sb_repo is freed and so junk_git_dir points to nowhere. If the second checkout command fails, is_junk remains non-zero, remove_junk() will be called and try to clean junk_git_dir, which could be anything now (if it does not crash the program). The new test may pass even without this patch. But it does fail under valgrind (without this patch) with "Invalid read of size 8" at the right line. Signed-off-by: Nguy=E1=BB=85n Th=C3=A1i Ng=E1=BB=8Dc Duy --- builtin/checkout.c | 15 ++++++++++----- t/t2025-checkout-to.sh | 6 ++++++ 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/builtin/checkout.c b/builtin/checkout.c index d35245a..e62c084 100644 --- a/builtin/checkout.c +++ b/builtin/checkout.c @@ -825,8 +825,8 @@ static int switch_branches(const struct checkout_op= ts *opts, return ret || writeout_error; } =20 -static const char *junk_work_tree; -static const char *junk_git_dir; +static char *junk_work_tree; +static char *junk_git_dir; static int is_junk; static pid_t junk_pid; =20 @@ -895,7 +895,7 @@ static int prepare_linked_checkout(const struct che= ckout_opts *opts, =20 if (mkdir(sb_repo.buf, 0777)) die_errno(_("could not create directory of '%s'"), sb_repo.buf); - junk_git_dir =3D sb_repo.buf; + junk_git_dir =3D xstrdup(sb_repo.buf); is_junk =3D 1; =20 /* @@ -909,7 +909,7 @@ static int prepare_linked_checkout(const struct che= ckout_opts *opts, if (safe_create_leading_directories_const(sb_git.buf)) die_errno(_("could not create leading directories of '%s'"), sb_git.buf); - junk_work_tree =3D path; + junk_work_tree =3D xstrdup(path); =20 strbuf_reset(&sb); strbuf_addf(&sb, "%s/gitdir", sb_repo.buf); @@ -939,8 +939,13 @@ static int prepare_linked_checkout(const struct ch= eckout_opts *opts, cp.git_cmd =3D 1; cp.argv =3D opts->saved_argv; ret =3D run_command(&cp); - if (!ret) + if (!ret) { is_junk =3D 0; + free(junk_work_tree); + free(junk_git_dir); + junk_work_tree =3D NULL; + junk_git_dir =3D NULL; + } strbuf_reset(&sb); strbuf_addf(&sb, "%s/locked", sb_repo.buf); unlink_or_warn(sb.buf); diff --git a/t/t2025-checkout-to.sh b/t/t2025-checkout-to.sh index c6601a4..8a00310 100755 --- a/t/t2025-checkout-to.sh +++ b/t/t2025-checkout-to.sh @@ -12,6 +12,12 @@ test_expect_success 'checkout --to not updating path= s' ' test_must_fail git checkout --to -- init.t ' =20 +test_expect_success 'checkout --to refuses to checkout locked branch' = ' + test_must_fail git checkout --to zere master && + ! test -d zere && + ! test -d .git/repos/zere +' + test_expect_success 'checkout --to a new worktree' ' git rev-parse HEAD >expect && git checkout --detach --to here master && --=20 1.9.1.346.ga2b5940